
Black Basta Ransomware Alert – Healthcare as a target

Healthcare organizations are being urged to bolster their cybersecurity defenses against the persistent threat of Black Basta ransomware. A joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and HHS highlights the significant risks posed by this ransomware variant, which has targeted critical infrastructure sectors globally since its emergence in 2022.

Key Threats and Techniques:

  • Initial Access: Black Basta actors frequently use spear phishing and known vulnerabilities to infiltrate systems. Notably, they have exploited a ConnectWise ScreenConnect vulnerability (CVE-2024-1709) and utilized credential scraping tools like Mimikatz.
  • Double Extortion: Once inside, they employ a double-extortion tactic, both encrypting data and threatening to publish it unless a ransom is paid. Techniques include using PowerShell to disable antivirus and deploying Backstab to bypass endpoint detection.

Vulnerability of Healthcare:
Healthcare organizations are particularly vulnerable due to their size, dependency on technology, access to sensitive health information, and the severe impact of patient care disruptions.

The American Hospital Association emphasizes the urgency of these measures, noting that intelligence points to active targeting of the healthcare sector by a Russian-speaking ransomware gang. Immediate review and implementation of the advisory’s recommendations are crucial to defending against these high-impact attacks.

At the time of this posting there was, unfortunately, no similar warning or information from Health Canada or the Canadian Cyber Centre.
